MSRC Team

Rusty construction shovel

Control Flow Guard for Clang/LLVM and Rust

As part of our ongoing efforts towards safer systems programming, we’re pleased to announce that Windows Control Flow Guard (CFG) support is now available in the Clang C/C++ compiler and Rust. What is Control Flow Guard? CFG is a platform security technology designed to enforce control flow integrity. It has been available since Windows 8.1 …

Control Flow Guard for Clang/LLVM and Rust Read More »

Updates to the Windows Insider Preview Bounty Program

Partnering with the research community is an important part of Microsoft’s holistic approach to defending against security threats. Bounty programs are one part of this partnership, designed to encourage and reward vulnerability research focused on the highest impact to customer security. The Windows Insider Preview (WIP) Bounty Program is a key program for Microsoft and …

Updates to the Windows Insider Preview Bounty Program Read More »

Rusty construction shovel

The Safety Boat: Kubernetes and Rust

Our team, DeisLabs, recently released a new piece of software called Krustlet, which is a tool for running WebAssembly modules on the popular, open-source container management tool called Kubernetes. Kubernetes is used quite extensively to run cloud software across many vendors and companies and is primarily written in the Go programming language. While there have …

The Safety Boat: Kubernetes and Rust Read More »

Rusty construction shovel

Using Rust in Windows

This Saturday 9th of November, there will be a keynote from Microsoft engineers Ryan Levick and Sebastian Fernandez at RustFest Barcelona. They will be talking about why Microsoft is exploring Rust adoption, some of the challenges we’ve faced in this process, and the future of Rust adoption in Microsoft. If you want to talk with …

Using Rust in Windows Read More »

Rusty construction shovel

An intern’s experience with Rust

Over the course of my internship at the Microsoft Security Response Center (MSRC), I worked on the safe systems programming languages (SSPL) team to promote safer languages for systems programming where runtime overhead is important, as outlined in this blog. My job was to port a security critical network processing agent into Rust to eliminate …

An intern’s experience with Rust Read More »

Rusty construction shovel

Designing a COM library for Rust

I interned with Microsoft as a Software Engineering Intern in the MSRC UK team in Cheltenham this past summer. I worked in the Safe Systems Programming Language (SSPL) group, which explores safe programming languages as a proactive measure against memory-safety related vulnerabilities. This blog post describes the project that I have been working on under …

Designing a COM library for Rust Read More »

Rusty construction shovel

We need a safer systems programming language

In our first post in this series, we discussed the need for proactively addressing memory safety issues. Tools and guidance are demonstrably not preventing this class of vulnerabilities; memory safety issues have represented almost the same proportion of vulnerabilities assigned a CVE for over a decade. We feel that using memory-safe languages will mitigate this …

We need a safer systems programming language Read More »

Rusty construction shovel

A proactive approach to more secure code

What if we could eliminate an entire class of vulnerabilities before they ever happened? Since 2004, the Microsoft Security Response Centre (MSRC) has triaged every reported Microsoft security vulnerability. From all that triage one astonishing fact sticks out: as Matt Miller discussed in his 2019 presentation at BlueHat IL, the majority of vulnerabilities fixed and …

A proactive approach to more secure code Read More »